On Thu, 2004-08-05 at 17:20, Seth Goodman wrote:
> What people are forgetting about the whole flawed architecture is that
> it is hop-by-hop validation. The PRA extraction only looks for the
> _current_ sender, not the original sender. This means that
> I.M.Phisher.com can take a throw-away, SPF-compliant domain and
> construct a message From:Thomas Moneybuckets<CEO(_at_)BankOfAmerica(_dot_)com>
> with Resent-From:<phishy(_at_)I(_dot_)M(_dot_)Phisher(_dot_)com>.

That wouldn't be a problem if we had a modifier similar to
"sender_agents=" as I suggested in
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200407/0413.html
because such a message need never be accepted by the recipient's MTA.
(bankofamerica.com would presumably not list
phishy(_at_)I(_dot_)M(_dot_)Phisher(_dot_)com as a sender agent
authorized to speak on its behalf.)

Unfortunately, *without* something like sender_agents, we're in a
situation somewhat reminiscent of being without SPF. In both cases
there are types of forgery that can't be reliably detected; instead
recipients are forced to make (educated) guesses.

Sender_agents would provide for the possibility of true, reliable
header-Sender forgery detection (when senders participate).
Updated MUAs, a dependence upon the alertness of users, and IP-based
blocklists will not.

--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
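
The gap discussed in this message, as an added Python example (not code from the post, its authors, or any SPF/Sender ID implementation): it selects the PRA from a message's headers and shows that a hop-by-hop check never examines the From: domain, then applies an authorization lookup in the spirit of the proposed sender_agents modifier. Assumptions: the `.example` domains and sample message are constructed, the `SENDER_AGENTS` table is a hypothetical stand-in for a published policy whose syntax this page does not give, and the PRA precedence is simplified to header order only.

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified PRA precedence (the order later published in RFC 4406); the
# Received/Return-Path ordering rule and malformed-header handling are omitted.
PRA_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")

# Hypothetical stand-in for a "sender_agents" policy: From-domain -> set of
# domains allowed to act as its sender agent. An empty set means "none".
SENDER_AGENTS = {"bankofamerica.example": set()}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    _local, at, dom = addr.rpartition("@")
    return dom.lower() if at else ""

def pra(msg):
    """Return (header_name, domain) of the purported responsible address."""
    for name in PRA_ORDER:
        dom = domain_of(msg.get(name))
        if dom:
            return name, dom
    return None, ""

def evaluate(raw):
    msg = message_from_string(raw)
    header, pra_domain = pra(msg)
    from_domain = domain_of(msg.get("From"))
    result = {"pra_header": header, "pra_domain": pra_domain,
              "from_domain": from_domain,
              # True only when the hop-by-hop check also covers From:
              "hop_check_covers_from": pra_domain == from_domain}
    agents = SENDER_AGENTS.get(from_domain)
    if pra_domain == from_domain:
        result["verdict"] = "pra-is-author"
    elif agents is None:
        result["verdict"] = "unknown"   # no policy: recipient must guess
    elif pra_domain in agents:
        result["verdict"] = "authorized-agent"
    else:
        result["verdict"] = "reject"    # From-domain does not list this agent
    return result

# Constructed sample mirroring the message described in the quoted text.
SAMPLE = ("Resent-From: <phishy@throwaway.example>\n"
          "From: Thomas Moneybuckets <ceo@bankofamerica.example>\n"
          "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```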